لطفا منتظر باشید ...
Setting up User Accounts
Logging On and Logging Off" in Chapter 1.To see existing accounts: Choose Start > Control Panel > User Accounts (Figure 16.1 ).or Choose Start > Run; type nusrmgr.cpl and then press Enter.
Figure 16.1. This window lists everyone who has a user account.
Account Types
An account type defines a user's privileges rights to perform specific tasks. The account type appears below each user's name.A computer administrator has sweeping systemwide rights to create, change, and delete user accounts and passwords; access all files (including other users' files); and install programs and hardware. Many of the settings described in this book require administrative privileges, which you should grant to few users besides yourself. XP must have at least one Administrator account, and if you installed Windows or maintain it, this is your account type.If you're not an Administrator, you're an everyday Limited user who can change your own password, picture, .NET Passport, desktop theme, and Start menu; change some Control Panel settings (you can't change the system time, for example); and access files in your My Documents folder (everyone else's files are off limits) and the Shared Documents folder (which Windows Setup creates automatically as a shared location for all users).Windows also comes with a no-password Guest account that has the same privileges as a limited account. This account, intended for visitors, is turned off by default and should stay that way.User Accounts offers straightforward controls to create, change, and delete accounts.To create an account:
1. In User Accounts, click Create a New Account.2. Type a user name for the account; then click Next.You'll also use this name to log on to domains and to computers without the Welcome screen.3. Select an account type (see the "Account Types" sidebar) (Figure 16.2 ); then click Create Account.
Figure 16.2. Best practice: Don't use spaces in a user name because they may cause problems with some programs and command-line tools. Capitalization doesn't matter, but favor only lowercase letters. Most punctuation is forbidden. Use a short name that will fit easily in messages and dialog boxes.
After creating a user account, you edit it to set up its other information. You can change a user account's details, such as its password and picture, at any time after creating it.To edit an account:
1. In User Accounts, click the name or icon of the account that you want to change.Don't bother with the extra click of the Change an Account link.2. In the window that appears (Figure 16.3 ), choose among these options:
Figure 16.3. Administrators have full access to all accounts. Some options are available for only your account; other options, for only others' accounts. Limited users see fewer options; they can't change their name or account type, nor can they modify other users' accounts.
Figure 16.4. If you provide a password hint, use one that's meaningful to only you, because...
Figure 16.5. ...everyone who uses your PC can see it. Click the ? icon on the Welcome screen to reveal your password hint.
Figure 16.6. Click Browse for More Pictures to post your own picture, automatically scaled to fit. If a camera is connected to your PC, you'll see Get a Picture from a Camera or Scanner. If you want to change only your picture, you can double-click your Start-menu picture to open this window quickly.
If you're worried that you'll forget your password and draw a blank on your password hint, create a password reset disk to recover it. You must create it now, before you actually need it. Keep the disk safe; anyone can use it to change your password. (An Administrator always can reset your forgotten password, but a reset wipes your secondary passwords; see the "Passwords" sidebar.)To create a password reset disk:
1. In User Accounts, click your account's name or icon.2. In the task pane at the left, click Prevent a Forgotten Password.The Forgotten Password Wizard opens (Figure 16.7 ).
Figure 16.7. You can have only one password reset disk for each account. If you make a new one, the old one becomes unusable.
You, as Administrator, can delete any account that's not logged on. (Press Ctrl+Shift+Esc and click the Users tab to see who's connected if Fast User Switching is turned on.) You can't delete the account that you're logged on to or the last Administrator account. A deleted account is gone forever, along with its settings and secondary passwords, as described in the "Passwords" sidebar. If you create a new account with the same name and password, Windows considers it to be a different account.To delete an account:
1. In User Accounts, click the name or icon of the account that you want to delete.2. Click Delete This Account.3. Click Keep Files to save the user's desktop and My Documents files on your desktop in a folder named after the deleted user (Figure 16.8 ).
Figure 16.8. Windows saves only documents, not the deleted user's email, Favorites, or settings.
Sharing Files" in Chapter 17.Manage accounts through only User Accounts. If you tinker with accounts in the Documents and Settings folder, you'll create a confusing array of duplicate folders with the computer name appended (diane and diane.NILE, for example).For security reasons, consider using a Limited account for routine logons and an Administrator account for special occasions. If you're logged on as a Limited user and try to install a programwhich requires Administrator privilegesRecovering After a Crash" in Chapter 19) or when no other administrative accounts exist, for example. To manage this account, use the dialog box described in the next tip.Power users prefer the Windows 2000style User Accounts dialog box to manage user accounts. It's hidden in XP. To reveal it, choose Start > Run; type control userpasswords2 and then press Enter (Figure 16.10 ).
If you're a domain member, choose Start > Control Panel > User Accounts to create and manage accounts. The dialog box that appears is almost identical to Figure 16.10, except that the Users list has an extra column named Domain. The ideas described earlier in this section apply here, with a few extras. Accounts created here are local accounts stored on your PC, not on the domain server. You'll want a localnot domainAdministrator account to update drivers, for example. You also can assign people to groups, as described in the next tip.Upon graduation to advanced user management, you'll use the Local Users and Groups console. Choose Start > Run; type lusrmgr.msc and then press Enter (Figure 16.11 ). With this console, you can create and manage users and groups. Groups are named collections of users that transcend the standard Administrator/Limited account types and give you great flexibility in fine-tuning file and folder permissions.Figure 16.9. If this dialog box doesn't appear automatically, right-click the program's installation icon (on the CD, floppy, or your hard drive); then choose Run As.
Figure 16.10. This dialog box is more powerful and direct than Control Panel's User Accounts. You can create, edit, and delete accounts without slogging through a wizard. Click the Advanced tab for more options.
Figure 16.11. Despite its austere appearance, this tool offers power and flexibility. Double-click an account name to set advanced options, for example.
[View full size image]
Passwords
appendix). Click Yes, Make Private to deny others access to your C:\Documents and Settings\<your user name > folder. (An unethical Administrator still can inspect your files by changing your password.) See also "Sharing Files" in Chapter 17.The secondary passwords stored in your account for certain web sites, network files and folders, encrypted files, your .NET Passport, and so on are lost if an Administrator changes your password (but not if you change it), thus preventing someone unscrupulous from, say, cleaning out your bank account courtesy of a password memorized by your browser.If you upgraded from Windows 9x with user accounts, XP set the imported accounts to Administrator and erased their passwords. XP forbids passwordless network logons, but passersby can log on. To plug this security hole, assign passwords and downgrade account types to Limited.In most situations, it's imperative to password-protect every account. The web has good advice on how to choose (and not choose) passwords; search for choosing a password on Google. For starters, see www.cs.umd.edu/faq/Passwords.shtml. If you're not offended easily, search for Grady Ward's article on using "shocking nonsense" to pick a password.
